diff --git a/src/internal.c b/src/internal.c index 0ea1b04f2b..bed3cf2e90 100644 --- a/src/internal.c +++ b/src/internal.c @@ -36925,6 +36925,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, case WC_NO_ERR_TRACE(BAD_CERTIFICATE_STATUS_ERROR): return bad_certificate_status_response; case WC_NO_ERR_TRACE(OUT_OF_ORDER_E): + case WC_NO_ERR_TRACE(DUPLICATE_MSG_E): return unexpected_message; default: return invalid_alert; diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 23f576781b..ce40537143 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -8345,8 +8345,8 @@ void wolfSSL_EVP_init(void) * combines them to a new iv. EVP is given exactly *one* iv, * so to pass it into chacha, we have to revert that first. * The counter comes first in little-endian */ - word32 counter = (word32)iv[0] + (word32)(iv[1] << 8) + - (word32)(iv[2] << 16) + (word32)(iv[3] << 24); + word32 counter = (word32)iv[0] | ((word32)iv[1] << 8) | + ((word32)iv[2] << 16) | ((word32)iv[3] << 24); if (wc_Chacha_SetIV(&ctx->cipher.chacha, iv + sizeof(counter), counter) != 0) { @@ -13056,7 +13056,10 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, byte buff[WOLFSSL_EVP_EXPONENT_PRINT_MAX] = { 0 }; int res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); - word32 length; + /* int (not word32) to match the int* out-parameter of GetSequence/GetLength; + * casting &length aliased a word32 and corrupted it on platforms where + * sizeof(int) != sizeof(word32). Values are non-negative ASN.1 lengths. */ + int length; word32 inOutIdx; word32 oid; byte tagFound; @@ -13092,17 +13095,17 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int idx; int wsz; - if (GetSequence(pkey, &inOutIdx, (int*)&length, (word32)pkeySz) < 0) { + if (GetSequence(pkey, &inOutIdx, &length, (word32)pkeySz) < 0) { break; } - if (GetSequence(pkey, &inOutIdx, (int*)&length, (word32)pkeySz) < 0) { + if (GetSequence(pkey, &inOutIdx, &length, (word32)pkeySz) < 0) { break; } if (GetObjectId(pkey, &inOutIdx, &oid, oidIgnoreType, (word32)pkeySz) < 0) { break; } - if (GetSequence(pkey, &inOutIdx, (int*)&length, (word32)pkeySz) < 0) { + if (GetSequence(pkey, &inOutIdx, &length, (word32)pkeySz) < 0) { break; } /* get prime element */ @@ -13112,7 +13115,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (tagFound != ASN_INTEGER) { break; } - if (GetLength(pkey, &inOutIdx, (int*)&length, (word32)pkeySz) <= 0) { + if (GetLength(pkey, &inOutIdx, &length, (word32)pkeySz) <= 0) { break; } prime = (byte*)(pkey + inOutIdx); @@ -13126,7 +13129,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (tagFound != ASN_INTEGER) { break; } - if (GetLength(pkey, &inOutIdx, (int*)&length, (word32)pkeySz) <= 0) { + if (GetLength(pkey, &inOutIdx, &length, (word32)pkeySz) <= 0) { break; } if (length != 1) { @@ -13142,7 +13145,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (tagFound != ASN_BIT_STRING) { break; } - if (GetLength(pkey, &inOutIdx, (int*)&length, (word32)pkeySz) <= 0) { + if (GetLength(pkey, &inOutIdx, &length, (word32)pkeySz) <= 0) { break; } inOutIdx ++; @@ -13152,7 +13155,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (tagFound != ASN_INTEGER) { break; } - if (GetLength(pkey, &inOutIdx, (int*)&length, (word32)pkeySz) <= 0) { + if (GetLength(pkey, &inOutIdx, &length, (word32)pkeySz) <= 0) { break; } publicKeySz = (int)length; diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c index 240011ac04..d91ffed1e6 100644 --- a/wolfcrypt/src/wc_encrypt.c +++ b/wolfcrypt/src/wc_encrypt.c @@ -74,6 +74,10 @@ int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, int ret = 0; WC_DECLARE_VAR(aes, Aes, 1, 0); + if (out == NULL || in == NULL || key == NULL || iv == NULL) { + return BAD_FUNC_ARG; + } + WC_ALLOC_VAR_EX(aes, Aes, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E);